ShaoLin Aptus 2.0 Installation and Operations Guide · PDF file3/10/2015 · ShaoLin Aptus End-User License Agreement identiﬁed as "School Edition", you must be a "Qualiﬁed Educational

ShaoLin Aptus 2.0 Installation andOperations Guide

ShaoLin Aptus 2.0 Installation and Operations GuidePublished 2003-07-04Copyright © 2003 by ShaoLin Microsystems Limited

ShaoLin Microsystems Ltd. reserved the rights

Revision History

Revision 0.1 2003-04-15 Revised by: David ChowUpdated for ShaoLin Aptus 2.0.7Revision 0.2 2003-07-04 Revised by: David ChowUpdated for ShaoLin Aptus 2.0.11

Table of ContentsShaoLin Aptus End-User License Agreement...........................................................................................................vi

1. Server License For ShaoLin Aptus...................................................................................................................12. Client CPU License For ShaoLin Aptus...........................................................................................................4

Preface...........................................................................................................................................................................vi

I. Getting started ........................................................................................................................................................ vii

1. Introduction.......................................................................................................................................................11.1. Copyright..............................................................................................................................................11.2. Disclaimer.............................................................................................................................................11.3. Feedbacks and Comments....................................................................................................................11.4. Product Registration.............................................................................................................................11.5. Purchase Information............................................................................................................................21.6. Getting Support.....................................................................................................................................21.7. Reader Prerequisites.............................................................................................................................21.8. Changes in this document.....................................................................................................................2

2. Installation Overview........................................................................................................................................42.1. Server Hardware Requirements............................................................................................................42.2. Client hardware requirement................................................................................................................42.3. Network Equipment..............................................................................................................................52.4. Software Requirements.........................................................................................................................52.5. Aptus Components................................................................................................................................7

3. Planning your system and network...................................................................................................................93.1. Migration issues....................................................................................................................................93.2. Hardware selection, performance and reliability factors....................................................................10

II. Installation and configurations .............................................................................................................................11

4. Aptus Installation............................................................................................................................................124.1. Overview.............................................................................................................................................124.2. Start the Aptus installer from CD-ROM.............................................................................................124.3. Download version installation............................................................................................................124.4. Starting the installer............................................................................................................................134.5. Check for Linux distribution support.................................................................................................134.6. Check for required packages..............................................................................................................134.7. Software installation...........................................................................................................................134.8. Finishing installation..........................................................................................................................15

5. Quick setup with Aptus Configurator..............................................................................................................165.1. Notes to CogoFS users........................................................................................................................165.2. Connecting to Webmin interface........................................................................................................165.3. License file checking and registration................................................................................................165.4. Basic system setup..............................................................................................................................165.5. Binding network adapter to Aptus......................................................................................................175.6. Create your first Aptus Group.............................................................................................................175.7. Connecting a client to the server........................................................................................................185.8. Client startup.......................................................................................................................................20

6. Create client boot disks...................................................................................................................................226.1. Running the boot floppy disk creation program.................................................................................22

iii

6.2. Create boot disk manually..................................................................................................................227. Tuning Aptus...................................................................................................................................................23

7.1. Server considerations..........................................................................................................................237.2. Multiple server setups.........................................................................................................................247.3. Network security.................................................................................................................................25

III. Administration and operations ...........................................................................................................................26

8. Software installations and upgrades................................................................................................................278.1. Software installation...........................................................................................................................278.2. Software upgrades..............................................................................................................................27

9. Integration with existing systems....................................................................................................................289.1. Existing NIS servers...........................................................................................................................289.2. Existing DHCP servers.......................................................................................................................289.3. Existing Linux/Unix file servers.........................................................................................................299.4. Windows NT file servers.....................................................................................................................299.5. LDAP authentication..........................................................................................................................29

10. Fast and large scale deployment, management.............................................................................................3010.1. One to one host duplication..............................................................................................................3010.2. Backup and restore host profile........................................................................................................3010.3. Large volume host creation...............................................................................................................3010.4. Default host profile for all new clients..............................................................................................30

11. Uninstalling Aptus.........................................................................................................................................31

IV. Miscallaneous........................................................................................................................................................32

12. Tips on the Linux environment.....................................................................................................................3312.1. Desktop environment........................................................................................................................3312.2. Mailing systems................................................................................................................................3312.3. File systems......................................................................................................................................3412.4. Controlling User Access to applications...........................................................................................36

13. Troubleshooting.............................................................................................................................................3713.1. General Instructions..........................................................................................................................3713.2. Frequently Asked Questions.............................................................................................................37

A. Technical Reference...............................................................................................................................................40

A.1. Run-time configurations..............................................................................................................................40A.2. Union File System Reference......................................................................................................................40

A.2.1. Mount time options.........................................................................................................................41A.2.2. The .unionfs file..............................................................................................................................41

A.3. Union Network File System Reference.......................................................................................................42A.3.1. Mount time options.........................................................................................................................42

A.4. Group fstab..................................................................................................................................................43

Glossary.......................................................................................................................................................................45

iv

List of Examples12-1. Convert existing ext2 file system to ext3.............................................................................................................35A-1. Example Unionfs Mount.......................................................................................................................................41A-4. Example Unionnfs Mount.....................................................................................................................................43A-5. Unionnfs copy-on-write........................................................................................................................................43A-6. Group fstab...........................................................................................................................................................44

v

ShaoLin Aptus End-User LicenseAgreement

Table of Contents1. Server License For ShaoLin Aptus..........................................................................................................................1

2. Client CPU License For ShaoLin Aptus.................................................................................................................4

1. Server License For ShaoLin AptusThis license applies to the licensed version of ShaoLin Aptus ("Aptus"). You may use this Software only as describedin this license.

IMPORTANT " READ CAREFULLY: This End-User License Agreement ("EULA") is a legal agreement betweenyou (either an individual or a single entity) and ShaoLin Microsystems Limited ("ShaoLin") for the ShaoLin softwareproduct identified above, which includes computer software and may include associated media, printed materials,and "online" or electronic documentation ("Software Product"). An amendment or addendum to this EULA mayaccompany the Software Product.

If you do not agree to all of the terms and conditions of this EULA, then: (a) do not copy, install, distribute or use anycopy of ShaoLin Aptus with which this License is included, and (b) in addition, if you paid ShaoLin or an authorizedShaoLin distributor or reseller for a package consisting of one or more copies of ShaoLin Aptus, you may return thecomplete package unused, within thirty (30) days after purchase, for a full refund of your payment.

The Software Product is protected by copyright laws and international copyright treaties, as well as intellectual prop-erty laws and treaties. The Software Product is licensed, not sold.

1. GRANT OF LICENSE. This EULA grants you the following rights provided that you comply with all terms andconditions of this EULA:

a) Types Of Software. The Software Product contains some or all of the following types of software: "Server Software"that provides the root file system and application files on a computer acting as a server (the computer running theServer Software shall be referred to as the "Aptus Server"); and "Client CPU License" that allows a computer, PC,workstation, terminal, handheld PC, or other electronic device (each of the foregoing a ”Device”) to load or utillizethe root file system and application files provided by the Server Software. Server copies of the Server Software,each of which is compatible with a different microprocessor architecture, may be provided. b) Installation - ServerSoftware. At any given time, you may install one copy of the Server Software for only of those architectures ona single computer. Client CPU License ("CCL"). You may install the CCL on any Device by number of CentralProcessing Unit ("CPU") to which a valid CCL has been dedicated. This Device with CCL installed is defined as"Aptus Client" directly managed by or loading its root file system and application files from Aptus Server. c) Use OfThe Server Software. You may use one copy of the Server Software on one Aptus Server, which may be connected tonumber of authenticated Devices, provided that you have obtained the necessary CCL for such Devices by number ofCPUs. The number of connections includes any indirect connections made through software or hardware that poolsor aggregates connections. You must acquire a separate CCL for the Software Product for each unique CPU whichloades or otherwise utilizes the root file system and application files of the Server Software, whether you use the CCLor any other load license to do so, unless otherwise noted in Clause 1d) or Clause 2 below. d) Use by Administrator.You do not need a CCL to load or utilize the root file system and application files of Server Software for the solepurpose of administering the Server Software. e) Use of the Client CPU License. You may use the CCL provided thatyou acquire CCLs as required in Clause 1c) above, and subject to any limitations set forth in Clause 1b) and Clause2 below. f) Not For Resale Software. If the Software Product is labelled "Evaluation Only" or "Not for Resale", then,notwithstanding Clause 1 of this EULA, your use of the Software Product is limited to use for demonstration, test,or evaluation purposes and you may not resell, or otherwise transfer for value, the Software Product. g) EvaluationLicense. The terms and conditions of the Evaluation License describe the permitted use for trial purpose only. Thelicense is valid for a period with the number of days from the Software delivery, which the trial period is defined byShaoLin. In the event that you desire to use the Software Product after the trial period, you must obtain a commercialLicense of Aptus from ShaoLin. If you decide not to obtain a commercial License of Aptus after the trial period,your rights under this EULA shall terminate automatically and you shall promptly delete the Software Product fromyour Aptus Server. Evaluation License is used for trial purpose which is provided "AS IS" and ShaoLin does notprovide any support service or offer any warranty for Aptus. h) School Edition Software. If the Software Product is

1

ShaoLin Aptus End-User License Agreement

identified as "School Edition", you must be a "Qualified Educational User" to use the Software Product. If you are nota Qualified Educational User, you have no rights under this EULA. i) No Multiplexing Or Pooling. Use of softwareor hardware that reduces the number of Devices directly loading or utilizing the Server Software (sometimes called"multiplexing" or "pooling" software or hardware) does not reduce the number of CCLs required; the required numberof CCLs would equal the number of CPU execution to the multiplexing or pooling software or hardware "front end".j) Reservation Of Rights. All rights not expressly granted are reserved by ShaoLin.

2. DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS

a) Server Software Transfer. You may transfer the Server Software to another Device only on a permanent basis (thatis, with no intent to transfer again) provided the Device from which you have transferred the Server License no longerconnecting to number of authenticated Devices, provide that you have obtained the necessary CCL for such Devices.You may retain the network card that this network card has been configured at Aptus Server connecting to number ofauthenticated Devices, or use a new network card that this new network card is configured at new Device connectingto number of authenticated Devices, which the MAC address is required to change for the load of Server Software. Todetermine if you are change of MAC address, please contact the ShaoLin Support Team at [email protected] the ShaoLin’s Suppliers serving your country.

b) Limitation On Rental. You may not rent, or lease the Software Product.

c) Limitation On Reverse Engineering, Decompilation, and Disassembly. You may not reverse engineer, decompile, ordisassemble the Software Product, except and only to the extent that such activity is expressly permitted by applicablelaw notwithstanding this limitation.

d) Termination. Without prejudice to any other rights, ShaoLin may terminate this EULA if you fail to comply withthe terms and conditions of this EULA. In such event, you must destroy all copies of the Software Product and all ofits component parts.

e) Consent To Use Of Data. With respect to technical information you provide to ShaoLin as part of any (if any) supportservices related to the Software Product, you agree that ShaoLin may collect, process and use such information for itsbusiness purposes, including for product support and development. ShaoLin will not utilize such technical informationin a form that personally identifies you.

f) Upgrades. If the Software Product is labelled as an upgrade, you must be properly licensed to use a product identifiedby ShaoLin as being eligible for the upgrade in order to use the Software Product. A Software Product labelled as anupgrade replacement(s) and/or supplement(s) (and may disable) the upgrade of Software Product, and following theupgrade you may use the resulting Software Product only in accordance with the terms of this EULA.

ited Warranty. ShaoLin warrants that (i) the Software Product will perform substantially in accordance with the ac-companying written materials for a period of thirty (30) days from the date of receipt, and (ii) any support servicesprovided by ShaoLin shall be substantially as described in applicable written materials provided to you by ShaoLin,and ShaoLin support engineers will make commercially reasonable efforts to solve any problem issues. Some Terri-tories and jurisdictions do not allow limitations on duration of an implied warranty, so the above limitation may notapply to you. To the extent allowed by applicable law, implied warranties on the Software Product, if any, are limitedto thirty (30) days.

h) Customer Remedies. ShaoLin’s and its distributors’ and resellers’ (each of the foregoing a "Suppliers") entireliability and your exclusive remedy shall be, at ShaoLin’s option, either (i) return of the price paid, if any, or (ii)repair or replacement of the Software Product that does not meet ShaoLin’s Limited Warranty and which is returnedto ShaoLin with a copy of your receipt. This Limited Warranty is void if failure of the Software Product has resultedfrom accident, abuse, or misapplication. Any replacement Software Product will be warranted for the reminder ofthe original warranty period or thirty (30) days, whichever is longer. Outside the Hong Kong Special Administrative

2


Region ("HKSAR"), neither these remedies nor any product support services offered by ShaoLin are available withoutproof of purchase from and authorized international source.

i) No Other Warranties. To the maximum extent permitted by applicable law, ShaoLin and its Suppliers disclaim allother warranties and conditions, either express or implied, including, but not limited to, implied warranties of mer-chantability, fitness for a particular purpose, title, and non-infringement, with regard to the Software Product, andthe provision of or failure to provide support services. This Limited Warranty gives you specific legal rights. Youmay have others, which vary from city, state, province, or country (each of the foregoing a "Territory" or "Territo-ries")/jurisdiction to Territory/jurisdiction.

j) Limitation Of Liability. To the maximum extent permitted by applicable law, in no event shall ShaoLin or its Suppli-ers be liable for any special, incidental, indirect, or consequential damages whatsoever (including, without limitation,damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss)praising out of the use of or inability to use the Software Product or the provision of or failure to provide supportservices, even if ShaoLin has been advised of the possibility of such damages. In any case, ShaoLin’s entire liabilityunder any provision of this EULA shall be limited to the greater of the amount actually paid by you for the SoftwareProduct; provided, however, if you have entered into a ShaoLin Annual Subscription Service. ShaoLin’s entire lia-bility regarding support service shall be governed by the terms of that Annual Subscription Service. Because someTerritories and jurisdictions do not allow the exclusion of limitation of liability, the above limitation may not apply toyou.

k) Intellectual Property Rights. All title and intellectual property rights in and to the Software Product (including butnot images, photographs, animations, video, audio and text incorporated into the Software Product), and any copiesyou are permitted to make herein are owned by ShaoLin or its Suppliers. All title and intellectual property rights in andto the content which may be loaded through use of the Software Product is the property of the respective content ownerand may be protected by applicable copyright or other intellectual property laws and treaties. This EULA grants youno rights to use such content. If this Software Product contains documentation that is provided only in electronic form,you may print one copy of such electronic documentation. You may not copy the printed materials accompanying theSoftware Product.

l) Reinstallation Copy. After installation of single copy of Software Product pursuant to this EULA, you may keep theoriginal media on which the Software Product was provided by ShaoLin solely for archival purposes or reinstallationof the Software Product on the same computer with same network card as the Software Product was previouslyinstalled.

m) Export Restrictions. You agree that you will not export or re-export the Software Product, any part thereof, or anyprocess or service that is the direct product of the Software Product, to any country, person or entity subject to exportrestrictions of HKSAR.

n) Governing Law. This EULA is the complete statement of the agreement between the parties on the subject matter,and merges and supersedes all other or prior understandings, purchase orders, agreements and arrangements. ThisEULA shall be governed by the laws of the HKSAR. Exclusive jurisdiction and venue for all matters relating to thisEULA shall be in courts located in the HKSAR, and you consent to such jurisdiction and venue. There are no thirdparty beneficiaries of any promises, obligations or representations made by ShaoLin herein. Any waiver by ShaoLinof any violation of this EULA by you shall not constitute, nor contribute to, a waiver by ShaoLin of any other or futureviolation of the same provision, or any other provision, of this EULA.

o) Applicable Law. If this Server License was acquired outside the HKSAR, then please refer to the Applicable Lawof the city, state, province, or country of territory.

p) Entire Agreement. This EULA (including any addendum or amendment to this EULA which is included with theSoftware Product) and the CCL (if applicable) are the entire agreement between you and ShaoLin relating to the

3


Software Product and they supersede all prior or contemporaneous oral or written communications, proposals, andrepresentation with respect to the Software Product or any other subject matter covered by EULA.

2. Client CPU License For ShaoLin AptusThis license applies to the licensed version of ShaoLin Aptus (”Aptus”). You may use this Software only as describedin this license.

IMPORTANT ” READ CAREFULLY: This End-User License Agreement ("EULA”) is a legal agreement betweenyou (either an individual or a single entity) and ShaoLin Microsystems Limited (”ShaoLin”) for the ShaoLin softwareproduct identified above. Before loading ShaoLin Server Software: By loading or otherwise utilizing the root filesystem and application files of the ShaoLin Server Software listed above ”Server Software”, you agree to be boundby the terms of this EULA (”Client CPU License” ).

If you do not agree to all of the terms and conditions of this Client CPU License (”CCL”), then: (a) do not copy, install,distribute or use any copy of CCL with which this License is included, and (b) in addition, if you paid ShaoLin or anauthorized ShaoLin distributor or reseller for a package consisting of one or more copies of CCL, you may return thecomplete package unused, within thirty (30) days after purchase, for a full refund of your payment.

1. GRANT OF LICENSE

a) Overvew. This CCL describes your rights to load or utilize the root file system and application files of ServerSoftware licensed by you, provided that you comply with all terms and conditions of this CCL. This CCL does notgrant you any right to load or utilize the root file system and application files of Server Software that is not licensedby you. The root file system and application files of Server Software are considered to be loaded or utilized whenthere is a direct or indirect connection between a computer, PC, workstation, terminal, handheld PC, or other digitialelectronic device (each of the foregoing a ”Device”) by the number of Central Processing Unit (each of the foregoinga ”CPU”) and the Server Software running on a computer (the computer running the Server Software shall be referredto as the ”Aptus Server”).

b) Use Of The CCL. This CCL must be dedicated to one unique CPU. It permits that CPU to load or otherwiseutilize the root file systems and application files of the Server Software running on one (1) Aptus Server that you mustdesignate. This CCL grants you the right to load or utilize only Aptus Server and does not entitle you to load or utilizeany Server Software components of Aptus Server which you have acquired separately or as part of any other ShaoLinAptus product.

c) Reservation Of Rights. All rights not expressly granted are reserved by ShaoLin

2. DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS

a) Version Limitation. The Server Software contains a certain version number (such as version ”2.2”). This CCLpermits you to load or otherwise utilize the root file system and application files of: (i) any Server Software with thesame digits to the left and immediately to the right of the version number”s decimal point as the digits in the ServerSoftware version number listed above, or (ii) any Server Software with a lower version number than the versionnumber of the Server Software listed above. From time to time, ShaoLin may, in its sole discretion, permit you to usethis CCL to load Server Software with a higher version number of the Server Software listed above.

b) Not For Resale Client CPU License. If this CCL is labeled ”Evaluation Only” or ”Not for Resales”, or is providedto you in conjunction with Server Software that is labeled ”Evaluation Only” or ”Not for Resales”, then you mayuse this CCL only to load or otherwise utilize the root file system and application files of Server Software labeled”Evaluation Only” or ”Not for Resales”.

4


c) School Edition. If this CCL is identified as ”School Edition”, you must be a ”Qualified Educational User” to use it.If you are not a Qualified Educational User, you have no rights under under this CCL.

d) Client CPU License Transfer. You may transfer this CCL to another CPU only on a permanent basis (this is, withintent to transfer again) provided the CPU from which you have transferred the CCL no longer loades or otherwiseutilizes the root file system and application files of Server Software. You may change this CCL has been designatedto load only in conjunction with a transfer of the Server Software to another computer or a permanent transfer of theServer Software, in accordance with the terms of the Server License for ShaoLin Aptus (”Server License”). The initialuser of this CCL may make a one-time permanent transfer of this CCL only directly to an end user. Such transfer maynot be by way of consignment or any other indirect transfer. The transferee of such one-time transfer must agree tocomply with the terms of this CCL, including the obligation not to further transfer CCL.

e) Termination. Without prejudice to any other rights, ShaoLin may terminate this CCL if you fail to comply withthe terms and conditions of this CCL. In such event, the Server License for the Server Software that you used inconjunction with the CCL that was terminated is also terminated, and you must destroy all copies of such ServerSoftware and its CCL.

f) Upgrade. If this CCL is labelled as an upgrade, you must have a valid CCL for the prior version of the product thatis being upgraded (”Eligible Product”) for this CCL to be valid, and this CCL must be used to replace such CCL forteh Eligible Product. The total number of CCL ”Upgrade” you may acquire may not exceed the total number of CCLsthat you had already acquired for the Eligible Product at the time you upgraded to the Server Software listed above.

g) Disclaimer Of Warranties. To the maximum extent permitted by applicable law, ShaoLin and its distributors andresellers (each of the foregoing a ”Suppliers”) provide this CCL as is and with all faults, and hereby disclaim allwarranties and conditions, either express, implied or statutory, including, but not limited to, any (if any) implied war-ranties or conditions of merchantability, of fitness for a particular purpose, of accuracy or completeness of responses,of results, and of lack of negligence or lack of workmanlike effort, all with regard to this CCL. Also, there is nowarranty or condition of title, quiet enjoyment, quiet possession, correspondence to description or non-infringementwith regard to this CCL.

h) Exclusion Of Incidental, Consequential And Certain Order Demages. To the maximum extent permitted by appli-cable law, in no event shall ShaoLin or its Suppliers be liable for any special, incidental, indirect, or consequentialdamages whatsoever (including, but not limited to, demages for loss of profits or confidential or other information,for business interruption, for personal injury, for loss of privacy, for failure to meet any duty including of good faithor of reasonable care, for negligence, and for any other pecuniary or other loss whatsoever) arising out of or in anyway related to this CCL, even in the fault, tort (including negligence), strict liability, breach of contract or breach ofwarranty of ShaoLin or any supplier, and even if ShaoLin or any Supplier has been advised of the possibility of suchdamages.

i) Limitation Of Liability And Execlusive Remedy. Notwithstanding any damages that you might incur for any reasonwhatsoever (including, without limitation, all demages referenced above and all direct or general demages), the entireliability of ShaoLin and any of its Suppliers under any provision of this CCL and your execlusive remedy for all director general damages), the entire liability of ShaoLin any any of its Suppliers under any provision of this CCL and yourexeclusive remedy for all of the foregoing shall be limited to the greater of the amount actually paid by you for thisCCL. The foregoing limitations, exclusions and disclaimers (including Clause 2g), 2h) and 2i) above) shall apply tothe maximum extent permitted by applicable law, even if any remedy fails of its essential purpose.

j) Export Restrictions. You agree that you will not export or re-export the CCL, any part thereof, or any process orservice that is the direct product of the CCL, to any country, person or entity subject to export restrictions of HKSAR.

k) Applicable Law. If you acquired this CCL in Hong Kong Special Administrative Region (”HKSAR”), this CCL isgoverned by the laws of HKSAR. If this CCL was acquired outside the HKSAR, then please refer to the ApplicableLaw of the city, state, province, or country of territory.

5

PrefaceThank you for purchasing ShaoLin Aptus. We are proud to delivery the state-of-the-art world first true Fit Clientsolution to users. Enabling system administrators to deploy Linux desktops in minutes without having to installingLinux to individual PC’s. With this new innovative technology, client server network computing no longer have therestriction of server bottle necks and other limitation of network computing. User experience on PC’s is now boughtto client server computing together on a centralize managed computing system. Other than management and security,the Fit Client network computing architecture also lowered the cost of client hardware with the possibility of runningdiskless clients. Diskless clients also improves the reliability of a traditional PC. On going cost for electricity and harddrive replacement is also minized. One of the incredible ability of ShaoLin Aptus is to turn all your existing PC’sinto manageable Fit Clients by reusing all existing hardware and infrastructure, without having to reinvest on newcomputer hardware.

The core tehcnology of ShaoLin Aptus is based on the Linux kernel environment with the best possible performanceand efficiency. The ultimate scalability of the Aptus Fit Client system ensures minimize of IT reinvestment. With thelow cost Linux servers plus the Fit Client computing environment, the total cost of ownership and acquisition arelowered tremendously comparing using a traditional standalone fat client PC network.

ShaoLin Microsystems are commited to deliver quality service and support. Our web site offer product updates,mailling lists, FAQ and the option of contacting our professional support team. The information on our web site arevaluable customer experience and input from our professional development team.

New features in the new ShaoLin Aptus 2.0 makes installation even more easier. Supporting the standard PXE bootprotocol which is equipped in most of the new PC’s. Our new ShaoLin Aptus Professional Edition include featureslike messaging to client screens, remote control of host shutdown and restart, force user logout, multi-login controland equipped with the most important Cogo Compression File System storage technology. With Professional Edition,it even further extends your existing network capacity and storage capacity without forklift upgrades or hardwareinvestment.

Our objective is to provide enterprise computer users to maximize their productivity by maximizing system reliabilityand manageability. We provide the most stable, easy, manageable and cost effective solution for network computing.ShaoLin Aptus provides an efficient way of manage your system togther using the advantage of Linux.

Once again, thank you for purchasing shaoLin Aptus and we look forward to hear your comments and suggestions!

vi

I. Getting started

Chapter 1. IntroductionThis document describes the general installation procedure of Aptus version 2.0 using Aptus installer and settingup the system using the Aptus server Webmin interface (Aptus Configurator). For more advanced or technicalreference please read the "Aptus Administration Reference Manual" located in the CD-ROM or available athttp://www.shaolinmicro.com . This document assumes the reader have enough Linux knowledge to operate at thecommand line, and has experience in Linux administration.

This document intends to give a step-by-step procedure to setup the Aptus on a Linux server using standard approachfor new users. It assumes you are running a single server installation and you want your clients to share all the files anduser accounts with your server. It is recommended for users intended to do customized and advanced setups to alsoread the "Aptus Administration Reference Manual" after reading this document. However, this document still servesas a basic knowledge for any Aptus administrators and is amust readdocument. The latest version of this documentshould be in ShaoLin Microsystems Official website (http://www.shaolinmicro.com).

1.1. CopyrightCopyright © 2002 ShaoLin Microsystems Limited. All rights reserved.

Users may freely distribute this document in soft or hard copies provided the above copyright is retained.

1.2. DisclaimerAll copyrights are owned by their owners, unless specifically noted otherwise. Use of a term in this document shouldnot be regarded as affecting the validity of any trademark or service mark.

Naming of particular products or brands should not be seen as endorsements.

You are strongly recommended to take a backup of your system before major installation. You should test your backupcopy before doing deletion.

1.3. Feedbacks and CommentsTo provide the best quality of service to users. We appreciate for any feedbacks and comments. If you find any mistakesin this document, please feel free to send feedbacks and comments to [email protected] withthe subject

AS2-v2.0.9-2003-07-04

and clearing indicate the error.

1.4. Product RegistrationYou have to go to the on-line registration to obtain a license key to make Aptus fully functional. You can go toproduct registration page (http://support.shaolinmicro.com/aptus) for registration, after registration with the correct

1

Chapter 1. Introduction

registration key located in the box, you will automatically receive a confirmation email, follow this email to get thelicense file. This license file contains a serial number and a license key to use with Aptus. You have to place thislicense file in /etc/shaolin/aptuslic.txt at the server. If you already obtain a license key from the product reseller, youdon’t have to register.

1.5. Purchase InformationIf you wish to purchase additional Client CPU Licenses for Aptus, you can contact [email protected](mailto:[email protected]) or contact your local reseller for more details.

ShaoLin Microsystems Sales Hotline Phone: +852 2352 5568 Fax: +852 23525576 Email: [email protected]

1.6. Getting SupportIf you have purchased Aptus from a local reseller, you should contact your local reseller or distributor for support. Ifyou are looking for something free, you can always get free support by subscribing the on-line ShaoLin Aptus maillinglist (http://www.shaolinmicro.com/support/maillist.php) to get help from other users and our technical support team.

1.7. Reader PrerequisitesHere we assume the readers have some Linux experience and have knowledge in Unix TCP/IP networking and thefollowing experience.

• Understand the file system standard. See the Filesystem Hierarchy Standard homepage(http://www.pathname.com).

• Using NIS (Network Information Service) for centralizing authentication over the network for multiple hostsenvironment. See Linux NIS project page (http://www.linux-nis.org).

• Using ntpd (The network time protocol daemon) to synchronize time across network. See NTP distribution page(http://www.eecis.udel.edu/~ntp/ntp_spool/html/) for more details.

• Setting up NFS (Network File System) exports in Linux and manage the /etc/fstab . See NFS Howto(http://www.tldp.org/HOWTO/NFS-HOWTO/index.html) or see the NFS homepage (http://nfs.sourceforge.net).

• Know how to use a web browser connecting to Webmin (http://www.webmin.com) for remote GUI administration.

• Using RPM (Redhat Package Manager) to install/uninstall packages. See <65533> (http://www.rpm.org).

If you don’t have the above experience, it is recommended to read the above references or related HOWTO’s orreference document before continue reading this document.

2

Chapter 1. Introduction

1.8. Changes in this documentSince Aptus 2.0.9, the Aptus server root location is changed from/aptus to /var/opt/aptus . If youare using Aptus 2.0.8 or older release, you may find some difference in the path names. Generally, allthings still applies. For changes and release history of Aptus 2.0, please refer to the latest release notes(http://www.shaolinmicro.com/support/doc/aptus_release.html) available online.

3

Chapter 2. Installation OverviewBefore proceed to Aptus installation, you probably want to check your system requirements and gather some back-ground knowledge about Aptus and Linux .

2.1. Server Hardware Requirements

2.1.1. DisksYou will need to have at least 10 megs of free space in/opt , 10 megs of free space in/usr , more than 30 megs in/and 30 megs of temporary space to install Aptus in your Linux server.

2.1.2. CPUAt least a Pentium 166MHz grade server, a multiple processor SMP system is recommended to handle multiple requestconcurrently with higher response and performance.

2.1.3. Memory128MB minimum, suggest 256MB RAM for better performance. Memory at server is mainly used as page cache(cache for file systems). More memory at server will speed up subsequent read/write to the server’s file system andreduce disk I/O significantly.

2.1.4. OtherAt least one 10/100Mbps based Ethernet adapter for connectivity to Aptus clients, You might need more adapters torun multiple-subnets and separate out network traffic and network security.

2.2. Client hardware requirementAptus clients boot with a special kernel image. Kernel images are CPU and network adapters dependent. Aptus prebuiltnetwork bootable client kernel images which compatible with most of the common x86 CPUs and Linux supportednetwork adapters,

4

Chapter 2. Installation Overview

2.2.1. CPUClient CPU requirement is Pentium class or above. Aptus works with most of the common x86 based architectures.List of processors types are known to work with ShaoLin Aptus 2.0

• AMD K6/K6-II/K6-III/Thunderbird/Athlon/Duron/K7

• Intel Pentium/MMX/Pentium Pro/Pentium II/Pentium III/Celeron/Xeon/Pentium IV/Xeon

• Cyrix - VIA C3/5x86

• IBM - 6x86/5x86

If your server and client use different type of CPU, you have to make sure application binaries installed at the serverare binary compatible with the client, seeSection 2.4.4for more details.

2.2.2. Network AdapterThe latest release of Aptus (version greater than 2.0.6) supports all of the network adapters which as a valid Linuxdriver in kernel 2.4.19. It also has support for PXE clients. That means client machines which has equipped with aPXE enabled network adapter does not need extra boot ROM or boot media to boot Linux with Aptus . Most of thebranded PC’s such as HP, IBM and Dell do have a PXE boot ROM built-in as a standard option. Also Intel and 3Comnetwork cards are also equipped with PXE boot ROMs.

2.2.3. Other hardware requirementIf you don’t have a PXE enabled network card. You will need a standard floppy drive at the client to load the Aptusclient boot disk which contains the Etherboot firmware. The boot program can later burn into a boot ROM for disklessclients, or copy to the hard drive as a DOS executable binary. For more details, see the section calledChapter 6.

2.3. Network Equipment

2.3.1. Ethernet switch or hubA 10/100Mbps network switch or hub is required to connect more than 1 client on the network. Make sure you haveenough RJ45 cables to hook up the required connections.

2.3.2. RJ45 Crossover cableIf you are just testing your setup, you can use a RJ45 CAT-5 crossover cable to link up the server and client.

5


2.4. Software Requirements

2.4.1. Linux distributionsAptus supports most of the common Linux distributions that use the Linux 2.4 series kernel andglibc 2.2, 2.3 OSes. Please refer to the latest release notes of Aptus 2.0 which a copy of it shouldbe in your Aptus 2.0 CD-ROM and it is also available from ShaoLin Microsystems Official website(http://www.shaolinmicro.com/support/doc/aptus_release.html).

2.4.2. Linux kernel versionsAptus support stock kernels, that means which are the kernels that are pre-compiled and distributed by the above dis-tributions originally or updates. If you which to use other customized kernel, please contact [email protected].

2.4.3. Required packagesThe following software must be installed before you can install ShaoLin Aptus. These packages normally comes witha standard Linux distribution, so you should install it first when you first setup your Linux box.

• The network time protocol daemonntpd , ntp-4.1.0 or above.

• The NFS utilitiesnfs-utils , nfs-utils-0.3.1 or above.

• The NIS clientypbind , ypbind-1.8-1 of above.

• The NIS serverypserv , ypserv-1.3.12 of above.

• The TFTP servertftpd if you want to use PXE.

• The inetd or xinetd to use tftpd.

• XFree86, you will need this to run X-Windows systemXFree86 , XFree86-4.1.0 of above.

• Glibc 2.2 . The GNU libc libraries.

• stat-2.x or above. A tool for finding out information about a specified file.

You can check it with the commandrpm -q <package-name>" to see if it is installed. If not, they are alwaysavailable from your original Linux installation CD’s .

2.4.4. Mixed hardware environmentSince Aptus shares all the files including program files from the server with the client. You have to make sure theapplication binaries (program files) you’ve installed at the server are compatible with your client CPU. RPM packageshave a file extension to indicate which CPU type it is compiled for and are described in the following way

6


• i686, Intel Celeron, Pentium II/III/IV/Xeon, AMD Athlon, Duron, VIA C3-II

• i586, Intel Pentium/MMX, Cyrix 5x86, IBM 6x86, AMD K6, Via C3 and Winchip

• i486, Intel 80486

• i386, All Intel 80386 compatible.

If your client are using different CPU type with the server, distribution installer might have installed some binariesthat are not compatible with your client CPU. For example, you have a Pentium III server, and a Pentium or K6client, it is likely your Linux distribution will have an optimized version of glibc package for your CPU,glibc-

2.2.5.i686.rpm package which is not compatible with the client CPU (i586 this case). You can check by thefollowing commandrpm -q <package name> --qf "%{NAME}.%{VERSION}.%{ARCH}" to see if this is yourcase. Usually the rest of the packages are i386 compatible.

To fix this problem, you have to locate the corresponding package and use a binary compatible version. Usually youcan find it in your Linux CD, you should able to find older CPU supported packages like i386 and i586. For the aboveexample, the package glibc-2.2.5.i586.rpm will be suitable for both client and server. You have to use the commandrpm -Uvh --force glibc-2.2.5.i586.rpm, to force installing the same package with a different architecture. For glibcproblem, you will also have to remove the directory /lib/i686 at the server and run the ldconfig command to completethe process.

2.5. Aptus ComponentsYou might want to know little bit more about Aptus before installation. This is a brief introduction of Aptus compo-nents.

Aptus file systems

Aptus provides the Intelligent Union Architecture on Linux (IUA), which is an implementation of global namespace shared-root file system. Aptus uses the Union File System (Unionfs) at the server to separate non shareablefiles with the clients. It is used to secure server files and separate all the non-shareable information betweenserver and clients, leaving all the remaining files shared. This design also minimize duplication of configurationfiles, allowing centralization of configuration modifications at the server.

Root file system templates

Rootfs template is a distribution specific package. Rootfs template define rule sets in IUA which tells Unionfsthe rules for non-shareable files, such as server system configurations and network configurations. It provides arule set forUnionFSto control the file system behavior. Other than data separation, it also provides a differentSystem V init mechanism for clients. So that it handles Aptus clients bootup which differs from the server.

Aptus server

Aptus provides remote boot service. The "Aptus server daemon (aptusd)" handling Aptus client remote bootrequests and DHCP requests. It is used for network address management for Aptus clients. For "aptusd" versiongreater or equal to 2.0.6 have built-in support for PXE clients. You can now boot Linux using Aptus with standardPXE boot roms.

7


Aptus client kernel

Aptus clients use a special Linux kernel to boot, the kernel image is stored at the server’s file system and is thenloaded through NFS or tftp at boot time.

Remote boot firmware

Etherboot, which is a set of client remote boot firmware. You will need Etherboot if your client doesn’t have abuilt-in PXE boot rom . It supports most of the Linux supported Ethernet adapters. Individual Ethernet adaptersrequires a different boot firmware that has its network device drivers built-in, each of those exists in the form ofboot floppy disk image, DOS executable binary or binary boot ROM image. At startup, the boot firmware sendsrequests to Aptus server and load the kernel image over the network. The client executes the downloaded kerneland mount its file system over the network.

Aptus Configurator

Aptus provides a GUI management tool called "Aptus Configurator" which is a Webmin module. You will alsoneed Webmin to run "Aptus Configurator". "Aptus Configurator" automates all the complex configurations bynot require users to edit configuration files and manage services manually.

The aim of Aptus is to replicate the same Linux OS on the client using a distributed file systems approach and providesa synchronized global name space and security management across multiple Linux machines. So that applications andconfigurations at the server will be shared by clients automatically, this will make system administration centralized.After installation, a directory/var/opt/aptus will be created, this directory is refered as the Aptus Server Rootwhich contains all the important files used by Aptus clients and the Union Filesystem mount points.

Aptus also requires configure various services at the server. Such as the time server which is used to synchronize timeswith clients and server, remote logging of client log messages, NIS (Network Information Service) for centralized useraccount management(optional, system administrators can choose to use LDAP and other services), and NFS (NetworkFile System) server to export file systems and share with Aptus clients over ethernet.

For more details and technical details, please see the sectionAppendix A.

8

Chapter 3. Planning your system and networkThis chapter is for users who intended to install Aptus on an existing Linux server, or will put their Aptus server intoexisting network infrastructure

3.1. Migration issuesIf you are migrating to Aptus in your existing network, you must read the following. This include issues with DHCPserver, Windows networking and other networks.

3.1.1. DHCP serversIf you have a DHCP server in the network, Aptus server can co-exists with other DHCP servers without interference,also Aptus clients will not listen to other DHCP servers as well. But for ease of centralized IP address management,we strongly recommend you to turn off your existing DHCP server because Aptus already got a build-in DHCPservice. If you are running the old ISC-DHCP server version 2 which comes with most of the common Linux dis-tributions, the old DHCP configuration file /etc/dhcpd.conf is compatible with Aptus, you will just need to copy theold /etc/dhcpd.conf to /etc/var/opt/aptus/var/opt/aptusd.conf then it will automatically recognizethe old settings.

3.1.2. FirewallsSome distributions such as Redhat 7.2 and 7.3 turn on a firewall by default. Since Aptus requires a trusted interface toconnect to Aptus clients, that means you have to disable filtering for the interface that is connected to Aptus clients.You can still have your firewall on for other network interfaces.

If you would like to setup Aptus with a firewall, there are some consideration on the nfs mount daemon and you cannotuse NIS to do user authentication. There are some discussion about setting up NFS with a firewall, please see the NFSHowto (http://www.tldp.org/HOWTO/NFS-HOWTO/index.html) for more details.

3.1.3. NIS serversBy default, Aptus server uses NIS to authenticate users from Aptus clients. If you already have NIS server in thenetwork, Aptus server can co-exists with other NIS servers in the network. Users can still authenticate to youroriginal NIS server, and you can configure Aptus server to bind to your original NIS server. Modify the file/var/opt/aptus/mygroup/groupfs/etc/yp.conf or go to "Aptus Configurator" -> "NIS Client" to changethe group or host setting. Note, you will have to disable NIS in "Aptus Configurator" -> "Module Config" (at themain page), set "use NIS" to "No".

3.1.4. Terminal serversIf your existing Linux server is a terminal server, you can install Aptus in your server where Aptus and the terminalservice can co-exists. If your terminal server is running a DHCP server, seeSection 3.1.1.

9

Chapter 3. Planning your system and network

3.1.5. Other UnixesSince most of the Unix support NFS, Aptus clients and server can use NFS mounts to access to existing Unix server’sfile systems. You may want to synchronize some security control with other Unix boxes using NIS.

3.1.6. Windows and DOSTechnically, Windows and DOS will live with Linux without interference. Aptus server can also serve Windows andDOS clients with Samba server, you may also use the Aptus server as a DHCP service for Window clients as well.However, Aptus use RPC (Remote procedure calls) with NFS (Network File Systems), which comes from a Unixbackground and assumes the network is friendly with secure ports. MS-Windows and DOS are single user OSeswhich does not have the concept of secure ports, see theSection 7.3for more details.

3.2. Hardware selection, performance and reliabilityfactorsThere are 2 types of hardware in a machine that are likely to fail easily, the disk drives and the power supply. Wesuggest hot-plug SCSI RAID disk drives, redundant power supply with UPS. This is a standard hardware configurationof a modern file server. For performance considerations, dual Pentium processors, 2 x 100Mbps network card, using100Mbps switches, this will adequate to serve 50+ diskless clients, actual performance depends on the applicationyou are going to run on the client.

For heavy duty, you might consider gigabit back plane solutions. The administrator have to make sure the disk spaceusage or setup disk quotas for your users. You may also read the Aptus whitepapers on-line to gather more informationabout network bandwidth calculations.

Running diskless clients can also add load to the server, if your client machines have very little memory, we suggestyou to use local disk drives at the client for swaps with trade-off a little administration work and little risk of failure inthe clietn machine. If going for diskless clients is a must, it is suggested diskless clients should have 256MB memoryor more in running large applications like OpenOffice and KDE. You may also setup a separate swap server to eat theswap I/O from Aptus clients which will reduce the disk I/O load for your Aptus server.

10

II. Installation and configurations

Chapter 4. Aptus Installation

4.1. OverviewTo install Aptus, you will need to either download the latest version of Aptus Installer from ShaoLin Microsystem’sdownload site (http://download.shaolinmicro.com) or obtain the CD-ROM of the Aptus software from a ShaoLin Ap-tus box set purchased from your local vendor. Before start actual installation, it is good to know about the installationsteps.

• check for system requirement.

• Install software.

• create basic configurations (e.g. Network, groups)

• Create a host profile.

• Configure the host and replicate the configured host profile to other hosts profiles.

4.2. Start the Aptus installer from CD-ROMYou have to run the Aptus installer to install Aptus.

4.2.1. Starting from consoleYou need to login as root user to install Aptus. If you are installing via CD-ROM, you have to mount the CD-ROMdrive, for example, insert the disk and type

mount /mnt/cdromcd /mnt/cdrom

The Aptus installer should be just located in the root directory of the CD-ROM, run the installer by typing "./in-staller.sh" from there. If the installer has started successfully, simply follow the instructions and steps provided by theinstaller to complete the installation.

4.2.2. Starting with auto-runIf you have logged in as root in a GUI environment (e.g. Gnome, KDE) with auto-run enabled. AnswerYes whenprompt to executeAuto-run upon CD-ROM insertion. This will immediately start the Aptus installer. If the installerhas started successfully, simply follow the instructions and steps provided by the installer to complete the installation.

12


4.3. Download version installationYou should download the installer that suits your distribution and save all the client RPM packages with the installerin the same directory. The installer is a self executable package. You have to change the file mode to executable andexecute the installer. Login as root and type the following.

chmod +x aptus-installer-2.0.6-redhat-linux-8.0.sh./var/opt/aptus-installer-2.0.6-redhat-linux-8.0.sh

Filename may be different depends on which Linux distribution you are using.

4.4. Starting the installerThe installer will first ask you to accept the license agreement to continue the installation, you should say ’Y’ here toaccept three license agreement in order to legally install the software.

4.5. Check for Linux distribution supportThe installer will detect if you are trying to install Aptus 2.0 software on one of the supported Linux distributions, seeSection 2.4.1.

4.6. Check for required packagesThe installer will check for all required packages before proceeding for installation, please seeSection 2.4.3.

4.6.1. Webmin checkingAptus installer will first search for installed copy of Webmin. If it is not found, the installer will install the Webminversion bundle in the CD ROM for you. Or if you are running a downloaded version of the installer, the installer willtry to find the Webmin package in the installer’s directory itself.

4.6.2. Other packagesThe installer will also check for other required package, please seeSection 2.4.3.

13


4.7. Software installationOnce the installer verifies you have all the required packages, the installer will ask you to really proceed installation,answer "Y" to begin install or "N" to quit. Here is a list of software packages going to be installed and some briefdescriptions.

Union File System (unionfs)

The Union File system is used to make the server’s root file system share

Root File System Templates

The rootfs template is a distribution specific RPM contain the necessary files and directories to be used by groupsof Aptus clients. The installer detects and installs the correct version for you.

Aptus Configurator

The Aptus Configurator is the Webmin plug-in modules for configuring Aptus software.

Aptus server daemon (aptusd)

Aptus server daemon (aptusd) is a DHCP server compatible program that provides boot-up parameters to youAptus client. In addition, you can use aptusd as a normal DHCP server on your local area network. It also supportsstandard PXE clients.

Cogo File System

Cogo File System is a compression file system. This package enables file compression and is only available forthe ShaoLin Aptus 2.0 Professional Edition only.

Aptus client Linux kernel

Aptus client’s Linux kernel is installed at the server. However, the kernel is not used by the server which theyonly store at the server’s and loaded by the clients through network instead.

Aptus client add-on modules

Some additional kernel modules provided by ShaoLin Microsystems, contains additional modules for Aptusclients.

Aptus client Linux kernel

Aptus client’s Linux kernel is installed at the server. However, the kernel is not used by the server which theyonly store at the server’s and loaded by the clients through network instead.

Aptus client control tools

Aptus client control tools is a package contain remote monitoring facility for Aptus clients. It also containsecurity modules that allow to control multi-logins by a single user. This package is only available for the ShaoLinAptus 2.0 Professional Edition only.

Aptus client CogoFS

Cogo File System for Aptus clients. This package is only available for the ShaoLin Aptus 2.0 ProfessionalEdition only.

14


Aptus client NFS utilities

NFS utilities for Aptus clients.

Aptus MKNBI (optional)

This is the package contain tools to generate .nb (network bootable kernel images) from the standard bzImageformat. This package is optional unless you are compiling your own Aptus client kernel.

Etherboot (optional)

The Etherboot RPM contains commonly available boot-up diskette and boot ROM image for different NICs.You will need Etherboot to create a boot disk for your Aptus client machine if PXE boot ROM is not availableon your client NIC.

Webmin

Webmin is a powerful web based administration tool. It provides a web based interface of various Linux ap-plications and administration. You will need it to allow configuring Aptus via the web interface with AptusConfigurator. Please check Webmin official web site (http://www.webmin.com) for more details.

4.8. Finishing installation

4.8.1. Removing existing DHCP RPM packageUp to now, all the necessary RPM files are installed for server and client access. The installer will check if you havetheDHCP RPM installed on this system. If yes, you are advised to remove it as Aptus server daemon is compatiblewith the Internet Software Consortium DHCP 2 package. If you are using a different version of DHCP server, say no.

4.8.2. Create client boot disks (optional)The installer will ask you to create Aptus client boot floppy disks. You may want to say ’Y’ here is you don’t havePXE boot ROMs at the client or you want to use boot floppies to boot your clients. Please see the sectionChapter 6.

4.8.3. Checking license fileLastly, the installer will check if you have the license file ready in the system. If you don’t have a license file, Aptusserver will not be able to start. Please make sure you have copied theaptuslic.txt file to /etc/shaolin beforeconfiguring Aptus server.

The installation has complete, next you will have to connect to the Webmin interface and start configure your server.

15

Chapter 5. Quick setup with Aptus ConfiguratorThe Aptus Configurator Webmin module is a powerful configuration tool allow you to create groups of AptusClients and manage their bootup and network configurations through a web browser remotely. Here is a simple expla-nation how you can create and setup tons of Aptus clients within a short time, the Aptus server work this way. First ofall, you have to create a group where this group will future contains a lots of Aptus clients sharing most of the groupconfigurations. You will have to create an configure 1 client manually, then this client will be your default host. Nextyou can duplicate this host and make lots of copy of this host

5.1. Notes to CogoFS usersIf you are planning to use CogoFS, you should setup CogoFS before configuring Aptus . For more information on Co-goFS setup, please see the CogoFS-HOWTO (http://www.shaolinmicro.com/support/doc/cogofs-howto/index.html).

5.2. Connecting to Webmin interfaceBy default Webmin is started and listening on port 10000. You can connect it with a web browser by typing http://your-aptus-server:10000 to connect. Use "root" as your login id and your root password to login.

After you have connected to Webmin, choose the "Server" category and click on the "Aptus Configurator" icon tostart Aptus server configuration.

5.3. License file checking and registrationIf you are the first time starting the Aptus Configurator module, and you don’t have a license file in/etc/shaolin/aptuslic.txt , Aptus Configurator will ask you to upload a valid license file. You may click onto"Upload a New License file" to upload the license file. Or you can follow the link to the support website to registerand get a valid license file.

5.4. Basic system setupAptus Configurator will ask you a few questions about the basic setup of the system.

5.4.1. Starting required servicesThe following services are checked by Aptus Configurator to see they have been started properly. They include, TFTPserver (tftpd), NFS server (nfs) and Time server (ntpd) .

16

Chapter 5. Quick setup with Aptus Configurator

5.4.2. NIS serverTo centralize you user account and using netgroup authentication, NIS system is required. Some users may have anexisting NIS server such that they don’t want the Aptus server to be the master NIS server, in this case you want tosay "No". If unsure, say "Yes".

5.5. Binding network adapter to AptusWhen you first come into Aptus Configurator, none of your network adapter is bind to Aptus server daemon. You willbe automatically redirect to network configuration page. Click on to the corresponding "Not Active" link to activatethe network. You will see a page with a "Yes" and "No" button. The checkboxes in the middle suggests to enable detectunknown Aptus hosts (client boot with Etherboot seeEtherbootfor more deatils) and PXE clients by default. Thisway, you don’t have to type in the MAC address of individual Aptus hosts, since the server will remember unknownclient MAC addresses. Click "Yes" to activate the network adapter.

5.5.1. Enable Detect PXE ClientsCheck the box "Enabled detect PXE clients" which will make Aptus to capture PXE client requests. PXE is a standardbooting protocol defined by Intel . Most of the up-to-date PC’s that has an onboard ethernet adapter now equippedwith a PXE bootrom. Some PXE bootrom need to be enabled through the system BIOS before it can be used. Youmay also want to change the boot order from your system BIOS menu to enable "LAN boot" or "Network boot". Fordetail information, please refer to your system bios setup guide for more details.

5.6. Create your first Aptus GroupA Groupis a number of Aptus hosts (Aptus clients) that share a set of similar configurations. Technically, it shares thesome set of configuration files. Click onto "Create New Group" to create a group. Notice, to standard Aptus editionwill only allow you to create one group. If you wish to have multiple group configuraitons, you will need to upgradeto Professional Edition or higher. Please contact ShaoLin Microsystems sales department for more information.

5.6.1. Choose a group nameEnter a group name (no spaces and special characters), this will create a group path under /var/opt/aptus/<groupname>and Aptus will create anetgroupif NIS is enabled.

5.6.2. Use NISAptus Configurator will help you to configure NIS. If you want to use NIS for authentication, you have to fill in thefollowing fields. If not, you can say "No" here and skip to the next section. Remember you need a domain controlsystem such as NIS or LDAP to centralize all your user login information across multiple machines.

17


5.6.2.1. NIS Domain

The NIS domain is the domain name for NIS (Network Information Service), this is used for user account, homedirectories, host name lookup and authentication and many other important services in Unix networks. By default,Aptus Configurator automatically suggests the NIS domain name of the server, you can input a different domain nameif your clients use a different NIS domain with a separate NIS server.

5.6.2.2. Find NIS server

By default Aptus clients will use broadcast for NIS server. If your NIS server lives in the same subnet of the client,you can use broadcast to find the NIS server or else please input the host name or IP address of the NIS server. If yourserver is the NIS server, you can use broadcast.

5.6.3. Network Time ServerBy default, Aptus Configurator will use your machine as the network time server, if you have another time server,please type it here. Please also make sure the time server is reachable by the clients, remember to layout your networkcorrectly or if your time server is in another subnets, the clients will need a gateway (router) to reach it. Select "Donot use time server" for disabling time server services, it is important to have time synchronized in a closely coupledsystem, file time and dates may be wrong if not synchronized correctly.

5.6.4. Allow root loginYou may want to allow root login when first you create your group, this allow root to login into the group of machineslocally. Notice, root user is a per host user special user and have different password in different machine, here you canspecify a root password for the whole group, later on you might want to change it individually later.

5.6.5. Finishing upClick on "Create Group" and create the group. You should see a successful message upon successful creation. If youencounter an error please check your form values.

5.7. Connecting a client to the serverAfter you created your group, the system will bring you to create the first Aptus client. A client record need to becreated in order to allow the client to connect and boot from the server.

5.7.1. Hook up the client to networkYour client and server should be located or connected within the same physical network. This is because the serverneeds to receive broadcast messages from the client. Make sure you check the connection before proceeding to the

18


next step. A crossover cable will be the best choice to ensure no interruption for testing the first time setup.

5.7.2. Booting up the clientYou have to turn on the clients and using a special way of booting instead of using your local hard drive. There aregenerally 2 ways to boot an Aptus client, use PXE or Etherboot.

5.7.2.1. PXE clients

If you have disabled the PXE boot rom , you will have to re-enabled the PXE boot rom at the BIOS or the PXEfirmware used to have their own setup interface. Usually they can be entered with a key-stroke (e.g.Ctrl -S) , pleaserefer to your boot up console message or operation manual of your NIC.

If the PXE has been activated, you should see some message "DHCP ........." . At this point, the client cannot connectto the server yet until a proper client profile has created at the server.

5.7.2.2. The Aptus client Etherboot boot disk

If you don’t have PXE bootrom on your ethernet adapter, you should have your client boot disk ready, if not pleasego toChapter 6. Put in the Aptus client boot disk into the client machine, please enable boot from floppy or you willhave to change this setting usually in the BIOS setup screen. To enter the BIOS screen, hit the ’Delete’ key on startup,some system may use a different keystroke. When you client boots up with the boot floppy, you will see a menu. Hit"N" to boot from network (default), it should show a message "Searching for Aptus server...". if you don’t see thismessage, you may have created a wrong boot disk with the wrong driver. Please check your network hardware. Youcan choose to boot to local disk by hitting "L" at boot disk startup.

If everything goes fine, you should see the message "Searching for Aptus server", by this time, your client will timeoutand retry again and again. This is a correct behavior, because you have not setup the server to recognize this client yet.

5.7.3. Server side authorization

5.7.3.1. Setup(1) with autodetect enabled

If you have enabled detect unknown Aptus host for your network configuration, you click on to the "Detected unknownAptus hosts" page. You should see a detected record with MAC address and time. You may click on to the record,then a page of group selection will come up. Select the group you wish to add this client into, then hit "OK".

5.7.3.2. Setup(2) manual

Please copy the line "addr XX:XX:XX:XX:XX:XX", the 6 hexadecimals which is the Ethernet ID (MAC Address) ofthe network adapter of the client, you will need this address later on.

19


5.7.4. Create host informationWhen creating a host, the Aptus configurator actually create an entry in the con-figuration file /etc/var/opt/aptus/var/opt/aptusd.conf and create a copy ofhostfs in"/var/opt/aptus/<groupname>/hosts/<hostname>/". This directory we called ithostfs is a file system (or adirectory) contains all the files belong to this host (the host now you intend to create). The files under thishostfs

will later be seen (by the client) in the root ( / ) of the client’s context (at the client’s point of view).

5.7.4.1. Enter the host name

The host name of the Aptus Client must be unique, it does not accept spaces and special characters.

5.7.4.2. Network Addresses

If you have autodetect enabled, you will just have to type in the IP address. Or please type in the MAC address youcopied from the client screen, if you have not obtained the mac address, please goSection 5.7.3.2. If you have multiplesubnets, you can select the desired subnets to add your host into, Aptus configurator will choose the correct subnet bydefault(If you are adding a detected host). Aptus configurator automatically suggest the next available IP address inthe subnet, if you have other clients in the network please verify the IP address is not in used by another client. Youwill also need to specify the default gateway of the client if you want the client to reach the outside network or theInternet.

5.7.4.3. Number of CPUs

You will need to specify the number of CPUs so that the to keep the license valid. Using the wrong number of CPUwill cause your Aptus client unable to startup properly.

5.7.4.4. Select the boot kernel

lease select the correct boot image for you client, it depends on the processor type and network adapter type that youare using. The files default locations are in "/tftpboot/kernel" named with "<kernelversion>-<arch>-<netdevice>.nb".If you choose the wrong file, the client won’t boot. Please use the latest boot image named "LATEST-<arch>.nb", thedefault is to use LATEST-i586.nb .

5.7.4.5. Click save

You may click "Save Changes" to create the host now. Make sure you have a direct connection (within the samenetwork) from your client to your Aptus server. You should be able to boot up your Aptus Client by now.

5.8. Client startupAfter you successfully created the host profile at the server, the client will load the boot strap from the server.

20


5.8.1. Booting with Etherboot and PXEIf you are using PXE boot rom, your client will see a boot menu if the PXE boot works correctly. If you are usingEtherboot, you will see the boot menu immediately. In the boot menu, there are two choices. First is booting Aptus,second is boot local. You can press [L] to boot back to your local media for dual booting. If you leave your keyboarduntouch, the default selection is Aptus which has a timeout of 3 seconds. You will then start loading up the Linuxkernel and booting Linux .

5.8.2. First time configurationFor the first time startup, the client will startup a fresh clean copy of the Linux operating systems. Therefore, hardwaredetection utilities will prompt you for configuration of hardware because of new hardware detection. Note for networkadapter configurations, since all the network configuration are already configured by Aptus Configurator so you don’thave to enter new settings or configure network manually. When the hardware detection program ask for migratingexisting configurations you should say yes.

5.8.3. Other configurationsSince all files are being shared including configuration files. That means all other configurations of the Linux OShave the same configuration as the server, except for network configurations and hardware configurations. If youwant to customize your client configuration, you can login as root at the client and do the configuration at the clientconsole or by default, each client will start a copy of Webmin server, you can configure your client by connecting toyour client’s Webmin server. You can run your favorite configuration tools like "Xconfigurator" to configure XFree86on your Redhat Linux, or "Xdrake" on your Mandrake Linux . Most of the tools will work as usual. You can alsoedit configuration files as it was a normal Linux machine. Files located in the root file system "/" that are modifiedat the client will take affect on that client only. Modified configurations will be persistently stored at the server in/var/opt/aptus/mygroup/hosts/myhost which is the host profile directory.

21

Chapter 6. Create client boot disks

6.1. Running the boot floppy disk creation programIf you don’t have PXE enabled clients or setting up a test environement, you may want to try out and use boot floppyfor test first. You can run/opt/var/opt/aptus/boot/mkaptusbootdiskto create the setup boot disk.

mkaptusbootdsk program shows only 4 pre-selected boot-roms ( ie. eepro100, rtl8139, sis900 and 3c90x ) by default.You have to run./mkaptusbootdsk -ato show all other supported network card boot images.

6.2. Create boot disk manuallyYou may create boot disk manually using dd or cat. The client boot files are installed in "/opt/var/opt/aptus/boot"directory. By default, 3 types of files are provided named "<net-device>.lz*".

Boot floppy images(*.lzdsk)

The file named with "<net-device>.lzdsk" are boot floppy images suitable for creating boot floppies. You cancreate with thedd command, exampledd if=/opt/var/opt/aptus/boot/rtl8139.lzdsk of=/dev/fd0will create anAptus Client boot floppy for Realtek 8139 network card.

DOS boot loader(*.com)

The file named with "<net-device>.com" are DOS program that will launch the Aptus client from real modeDOS. It is useful when you Aptus client has a hard drive with Windows/DOS and you can launch it by runningthis file in real-mode.

Boot ROM image(*.lzrom)

The file named with "<net-device>.lzrom" is a boot rom image that you can burn it into eeprom and stick it intothe network adapter. Most of the network adapter today have a boot ROM slot. If you are running an on-boardbuilt-in network adapter, you can try to modify your system bios to flash-in your boot ROM.

22

Chapter 7. Tuning AptusIf you are installing Aptus to a large scale network, you may want to find ways to make Aptus run faster or scale better.Generally, Aptus server does not have limitation on number of clients it can handles as soon as the Linux kernel NFSserver can handles. More clients may reduce performance but stresses shouldn’t make your Aptus server to crash.This chapter describes ways to make your Aptus server scales better with load separation techniques and some tuningtechniques.

7.1. Server considerations

7.1.1. ProcessorsThe processing power requirement on the server is low. A minimum of Pentium grade but a dual processor SMP box issuggested to handle multiple request seamlessly. We suggest a dual Pentium III 800MHz or above. Processing powerof the server does not help to improve the performance or scalability of your Aptus system at all.

7.1.2. MemoryMemory requirement of the server is a big concern, if you have a lot of files and data with frequent access, it is suggestyou have more memory on the server (512Mb or above). This will allow the server to make use of the memory to useas cache to reduce disk loads.

7.1.3. RAID disksRAID is a minimum requirement of the Aptus server for some reliability. It is suggested the server to run RAID10,000rpm SCSI drives. This will give you a high performance and reliable file system. It is suggested to use hot-plugSCSI drives so you don’t have to experience system down time during a disk drive replacement.

7.1.4. SAN (Storage Area Network)SAN may be a good choice if you consider disk drive capacity scalability problem in the future, but generally SAN isslower than direct attached drives.

7.1.5. Network adaptersIt is suggested the server should at least use a 100Mbps Ethernet adapter and 1000Mbps are preferred to high loadedservers.

23

Chapter 7. Tuning Aptus

7.1.6. High availability clustering and fail overAptus is a stateless file server. It is possible to setup a fail over and redundancy. Since Aptus clients are sharing thesame root file system with the server, a complete root sharing HA cluster setup is required. Other high availabilitysolutions that only do partial fail-over will not work with Aptus . The only proven and workable HA solution is theShaoLin HA-Cluster which provides a complete system fail-over solution please see ShaoLin HA-Cluster webpage(http://www.test/product/hacluster/) for more details.

7.1.7. Power supplyUPS (Universal Power Supply) is suggested for the server to have the ability to overcome power failure.

Redundant power supply on the server will have the ability to overcome power supply failure.

7.1.8. NFS server tuningYou may want to increase the number of nfsd instances by modifying the nfs server init script at/etc/init.d/nfs .In a Redhat Linux distribution, it is controlled by a lineRPCNFSDCOUNT=8. Try to modify this number to equalto the number of clients serving by this server to maximize the nfs server response. See Linux NFS HOW-TO(http://nfs.sourceforge.net/nfs-howto/performance.html) for more information about Linux NFS.

7.2. Multiple server setupsIf you have more and many client computers in the network (over 100 clients), it is suggested to have multiple serversto serve these clients. Instead of using a single file server, you can split the load for the Aptus server.

Home directory server

A separated home directory server, this is useful for large systems that might have heavy loaded home directories(over 200 users on one server). Since user home directories generate the most heavy I/O traffic on common Unixnetworks, it is likely home directories stored important data which need to be well managed and administered.Some systems might even need multiple home directory servers for load separation. You may consider purchasea network attach storage (NAS) which supports NFS for easier storage management, or you may setup separateNFS servers. You may edit the file/var/opt/aptus/mygroup/groupfs/etc/fstab.group to add mountsto other server or do this in Aptus Configurator. Add the line

OTHER otherserver:/home /home nfs defaults 0 0

Will make your group of Aptus clients to mount this file system on startup.

24

Chapter 7. Tuning Aptus

Aptus server

Here, Aptus server means the Linux server which is installed with Aptus, serving the root file system, managingnetwork configurations of clients. The Aptus server need not to be serving the home directory at the same time,because clients can always mount to other servers to acquire the home directory.

Swap server

If you client doesn’t have a local hard drive, and local swap is disabled. You will put some load on to theswap server as well. By default, Aptus server will act as a Swap server, but you can specify the clients touse a separate swap server so that your Aptus server and home directory server doesn’t get overloaded toomuch in case of many many diskless clients on the network. To use a different swap server, edit the lines in/var/opt/aptus/mygroup/groupfs/var/opt/aptusgroup.conf

SWAPSERVER=myswapserver.hostname.or.ip-addressNETSWAP=/myswapserver/exportdir

This will cause the group of Aptus clients to swap to the specified NFS export. You have to make sure the swapserver is configured to allow read-write to the specified export.

7.3. Network security

7.3.1. LAN securityLike other Unix networks, the Aptus server assumes you trust your LAN and it is the responsibility of the user tomaintain the physical security of the LAN (i.e. cables and sockets). Data and files are transmitted unencrypted in yourlocal area network, it is better for users to maintain security of the physical network.

7.3.2. Other concerns relating with other OSesIf you have other MS Windows machines want to connect into the network, it is suggested they use a separate subnetor using a different switch to separate their physical connections. MS Windows are single user operating systems anddoes not have the concept of secure ports like Unix. Having single user operations system machines in your LAN isto invite invasion. We strongly suggest you to separate them out of your secure network if you are planning to setup aproduction system. The cost of separation is the cost of an extra network switch or hub and an extra network adapterfor the server. They are so cheap (around US $10.00 for network card and around US $100 for the switch). You don’thave to do rewiring, just plug them into a separate hub. You also have performance gain (load separation) by doingthis.

25

III. Administration and operations

Chapter 8. Software installations and upgradesBy using Aptus, you can centralize install new software and upgrade your system without having to go through alengthly individual client system administration. This chapter describe some issues on system upgrade and installationwith Aptus, and some application specific notes.

8.1. Software installationSoftware installation and upgrade should be done by using the RPM (Redhat Package Manager) since the packagesinformation database are shared by all clients. It is safe to do software installation incline without rebooting the systemprovided your application doesn’t overwrite existing files already installed on the system. Therefore, it is safe to usetools such as up2date and red-carpet to upgrade your system at the server (not client). Notice, RPM query can be runat the client but not package installation.

8.1.1. Notes on web browsersSince user home directories are located in network file systems, it is not recommended user web browsers to use diskcache. Since files have to save to the server’s file system and then re-read from the network. This mechanism generatesdouble network traffic and causing unnecessary disk load on your home directory server. Storing temporary files inexpensive storage like SCSI disk arrays and backup temporary files is also wasting system resources. It is stronglysuggest to setup proxy servers for your network, using Squid proxy server to setup a transparent web cache proxy isquite easy and is freely available. You can configure web browsers like Netscape and Mozilla to default having zerodisk cache in their global configuration files.

8.2. Software upgradesSoftware upgrades means overwriting old package files which are already installed on your system by newer ones.Notice, you have to make sure the to-be-upgrade application files are not in-use by active clients, otherwise unstablesituation can occur.

8.2.1. Upgrading shared librariesUpgrading shared libraries can be dangerous. Since shared libraries are used by one or more applications. For example,the glibc system library is almost used by all applications in your system. It is suggested you reboot all clients aftershared libraries upgrades, otherwise your system may behave unstable.

27

Chapter 9. Integration with existing systemsIt is likely you have existing servers and services running in your existing infrastructure. Aptus itself also require NISand

9.1. Existing NIS serversIf you have existingNIS (Network Information Service)servers serving user authentication information. Aptus requiresitself to be a master NIS server to serve netgroup and host name information. This doesn’t mean Aptus cannot integratewith existing NIS servers. Aptus server itself is both NIS client and NIS server, in fact Aptus server can be configuredto only listen to itself and serving itself. Your clients can be configured to use a different NIS domain and listen toyour existing NIS servers. This will separate just your Aptus server itself out of your existing NIS domain, leavingall your Aptus clients integrate with your existing NIS managed network. So Aptus can still seamlessly integrate intoyour existing NIS managed network.

9.1.1. Disabling NIS on Aptus serverYou can change the NIS settings in Aptus Configurator to use a separate NIS server. SelectNo for use NIS at themodule configuration. Then you have to make sure you have disabled the NIS service (ypserv) at the Aptus server bydoing the following

$ /etc/rc.d/init.d/ypserv stopStopping YP server services: [OK]$ chkconfig --level 345 ypserv off$

This will disable the ypserv on startup and turn off NIS .

9.1.2. Use existing NIS serversYou can go to Aptus Configurator ->Group configuration -> NIS Client and specify your desired NIS server addressand domain name.

You may also change this by hand in the groupfs located in/var/opt/aptus/mygroup/groupfs/etc/yp.conf

. Seeman 5 yp.conffor more details of the file format.

9.2. Existing DHCP serversAptus server hasDHCP (Dynamic Host Configuration Protocol)capabilities, Aptus is compatible with the old ISCDHCP daemon version 2 which comes with most of the Linux distribution. That means the old/etc/dhcpd.conf

can be migrate to aptusd without modification. If you don’t want to migrate your DHCP services to Aptus, Aptusclients and Aptus server can co-exists in the same network. You have to configure your DHCP server to reserve asubnet or range of IP address for your Aptus client, and configure your Aptus server to use that reserved segment of

28

Chapter 9. Integration with existing systems

addresses. You can refer to the existingman 5 dhcpd.confor man 5 aptusd.conffor more details of how to edit theconfiguration file.

9.3. Existing Linux/Unix file serversIf you already using Linux or Unix as your file servers, Aptus can cope with this easily. You can configure your Aptusclients to make NFS mounts to existing Unix/Linux file servers. NFS is a standard file sharing protocol in all kinds ofUnix and Linux, you just have to make sure the network settings is correct, so that your Aptus clients can reach thoseservers. You can edit/var/opt/aptus/mygroup/groupfs/fstab.group , seeSection A.4for more details.

9.4. Windows NT file serversIf you have existing Windows NT file servers, you have 2 choices to enable file sharing with your Aptus clients.

SMB client

Linux support SMB protocols which allows your Aptus clients mount to Windows SMB file systems directly.You may want to create a mount in the group fstab. SeeExample A-6.

Microsoft Unix services

Microsoft has a Unix service package which it has an NFS service, your Aptus clients can just treat NT serversas NFS servers.

Either way will work, but you have notice the security issues about this. Since Microsoft doesn’t support the Unixfile mask and permissions, where there is no uid and gid information in each file and directory, you might have toconfigure the mount to be activate during each login, you will also need to run mount.nfs or smbmount as setuid rootto do this. We strongly suggest you top migrate all Microsoft NT file servers to Linux with lower cost of license,higher in performance, better reliability and better system integration. If you are only using NT as a file server, youcan migrate the server to Linux and re-enable Samba on Linux which will perform the same.

9.5. LDAP authenticationIf you have LDAP server configured in your network and wish Aptus clients authenticate against the existing LDAPserver, you can setup the LDAP client to authenticate against external LDAP servers. You can simply configureLDAP clients on the Aptus server, and this will automatically made all clients to follow the configurations at theserver without having to configure them one by one. If you want to separate configurations and only want theclients to use LDAP, you should move those configuration files to/var/opt/aptus/mygroup/groupfs/etc

instead of the server’s/etc directory. You may also want to turn on the NSCD service of Aptus clientsby going to Aptus Configurator ->Group configuration -> Startup services -> nscd and turn on atrun level 3 and 5 . For more information about LDAP configuration, please see the LDAP-HOWTO(http://www.tldp.org/HOWTO/LDAP-HOWTO/index.html) and the LDAP-Implementation-HOWTO(http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/index.html) which describe how to setup a Linuxmachine to be a LDAP client.

29

Chapter 10. Fast and large scale deployment,managementEach Aptus clients(host) have its host profile which can be backup-ed or copied to other Aptus hosts. A host profilecontain all configurations of that host. This host profile contains all the configurations you’ve done on that client(including printers, hardware and others). You can make use of this host profile mechanism to manage host configura-tions and eliminate the need of redo any configurations on other hosts which required the same configurations. If youare not familiar with creating an Aptus client, see more information on creating a new Aptus host onChapter 5. Underhost configuration, there is a feature called Manage host profile which allow you to manipulate the host profile. Formore information on using Manage host profile, please read the Aptus Configurator help pages.

10.1. One to one host duplicationYou may want to duplicate the settings of a fully tested and setup client to a new client. Go to the host configurationpage by clicking the host icon. You can go to the manage host profile section under host configuration and duplicatethe host profile to new hosts. This will duplicate all configurations you’ve done on the client except for networkconfigurations. If your new host have different hardware configurations with the original host, you may continue toproceed and doesn’t matter. The hardware detection software comes with your Linux distribution will resolve thedifference for you. For more information on hardware setup, please refer to your Linux distribution documentation.

10.2. Backup and restore host profileYou can also backup the host profile and save it as a file on the server. Next time when you add new hosts, you canuse the saved host profiles. You can also overwrite existing hosts with this backup host profile. This allow you to playaround with host settings.

10.3. Large volume host creationYou can use the Copy to detected Aptus hosts feature to copy a host profile to a large number of detected hosts. Thisfeature is designed to deploy large number of clients with automatic IP address assignment and host name assignment.

10.4. Default host profile for all new clientsA typical scenario is that you have fully configured a client. An you want this client’s configuration as a template forall other new clients within the same group in the future. You can save the host as a default host for the group, so newhosts will use this host profile by default without having to make any selection.

30

Chapter 11. Uninstalling AptusThere is an uninstallation script that will automate the uninstallation process so that you don’t have to remove eachRPM package manually. It is located at/opt/var/opt/aptus/bin/var/opt/aptusuninstall.sh , just type/opt/var/opt/aptus/bin/var/opt/aptusuninstall.sh. You will have to say Y to stop NFS for proper uninstallation ofUnionFS, The directories under/var/opt/aptus is the group directories, the uninstaller will also prompt you fordeleting those directories. If you delete the group directories, you will no longer can restore your groups by rein-stalling, please note.

After uninstallation, you will still need to manually clean up the following files,/etc/netgroup , /etc/hosts and/etc/exports . There might be garbage host entries in those files, so you will have to remove them manually.

31

IV. Miscallaneous

Chapter 12. Tips on the Linux environmentThis chapter describes some tips in Linux administration and are some suggestions to Linux administrators. Thischapter is not a formal documentation of Linux administration or any security reference manual.

12.1. Desktop environmentUsing GNOME and KDE desktop can make your desktop looks beautiful, but there are many concerns using thosedesktops environments in a corporate environment. In the administration sense, it is always good to keep your desktopenvironment as much as simple as possible, this will significantly reduce users questions and unknown. There alsoother factors that affect system behavior directly.

Memory consumption

KDE 3.0 is slow compared to KDE 2.2, it is because the memory usage increase quite a lot. The same thinghappened for the GNOME desktop. Using such beautiful desktop environment will cost you probably extra128MB of memory and 50% of performance degradation.

User training

KDE and GNOME desktop environments are so complicate, by default it contains too many application in themenu, often these applications generate confusion for your user, also too many unused functions and features arequite a big obstacle from letting users to get familiar with their working environment.

Bugs

KDE and GNOME have been continue development forever, new features are always added and therefore it islikely to be buggy. This can also cause big problem too.

Simplifying your desktop environment can reduce your support work, administration load and even eliminate usertraining. If you only required let’s say 3 applications in your day to day office operations, it is good to configure onlyhaving these 3 icons on the user’s desktop environment. This will eliminate almost all user training to get familiarwith the working environment since there is no choice on their desktops. Having just sufficient functions in theirworking environment can also reduce the chance of having problems, because users generally like to play aroundwith the menu. Other window managers such as WindowMaker comes with a nice desktop environment and onlyuse very little memory. Running small window managers will increase overall system performance and lower youradministration cost tremendously.

12.2. Mailing systemsThe mailing system is also important in a Unix/Linux workstation environment. We will discuss 2 commonly usedmailing system, Sendmail and qmail.

33

Chapter 12. Tips on the Linux environment

12.2.1. SendmailSendmail is included almost in every Unix/Linux distributions, it uses the standard Unix mbox format. Where mboxformat stores all messages in a single file linearly. With today’s high demand email systems, it is not quite efficientto use this kind of mailbox format. If you are deleting the first message, it will required to shift the whole mailboxfrom the end to the beginning. This mailbox format is also not safe, if you are on the way operating your mailboxand having a system crash, you can loose the whole mailbox easily. It likely that large file is easier to get corruptedagainst small files. Sendmail also store user inbox in /var/spool/mail/[userid], the mailbox doesn’t live in user homedirectories, it diverse the disk quota management and require additional work to backup those mailboxes other thanjust backing the system home directory where important user data files are located. Local mailboxes may not workcorrectly on Aptus clients because /var/spool/mail does not locate on a sharable file system. It is also unsafe to mountthis spool folder using NFS. Therefore, it may require to use IMAP services on the mail server even in the local areanetwork, resulted increasing the load of mail servers.

It is likely a centralized storage Linux/Unix network will have the server running IMAP, this will prevent users beingdownloading messages and deleting messages from their local storage. Having an IMAP server running over the mboxformated mailboxes can be very slow. Since IMAP server has to walk and search through a large file. Experience showsthe memory consumption is very high on IMAP servers with mbox formated mailboxes. It is also confusing betweenfolders, directories and files. Email clients usually refer mailboxes to folders, folders usually refer to directories in filesystems, it may cause some email clients not to recognize sub folders correctly.

There is also a commercial version of Sendmail may perform better and has commercial support. For more informa-tion, please see the Sendmail official website (http://www.sendmail.org).

12.2.2. qmailQmail is a proven scalable and fast mailing system for Unix/Linux. Large mailing systems like Hotmail used Qmailto setup their large scale mailing system. qmail use the maildir format to store messages. Where messages are storedin individual files. This will minimize the chance of having mailbox corruption. qmail can be easily configured to putall messages of users to put in their home directory, local mail can be easily retrieved from home directories withoutthe need of using IMAP services. This will reduce load of mail servers tremendously. It is strongly suggested to useQmail in a corporate environment where email traffics are usually heavy.

Qmail is also good for NFS delivery, that means you can have a stand alone separated operation mail server. This willallow you to setup a separate mail server and delivering mail to the home directory server directly without having torun qmail from your home directory server.

For more information, please see the Qmail official website (http://www.qmail.org).

12.3. File systemsThere are quite lot of file systems support in Linux, the most common type is ext2, others such as ext3, xfs, jfs, andreiserfs are getting more common and they will likely enter the standard Linux kernel. This chapter is to address someexperience of the author using those file systems with Aptus and Linux administration. It also cover some performanceand reliability aspects on using those file systems.

34


12.3.1. Ext2 and Ext3People are moving to Ext3 because of the journaling feature. Journaling enable fast file system recovery on uncleanshutdowns. Ext2 and Ext3 are backward compatible, you can move your Ext2 by using the tune2fs utility which comeswith most of the decent Linux distributions. To convert a file system from Ext2 to Ext3, unmount your file system anddo the following.

Example 12-1. Convert existing ext2 file system to ext3

$ tune2fs -j /dev/hda2

The -j option will create journal block in your existing Ext2 file system which in turn a Ext3 file system. To findout more details about journal block size, please checkout theman 8 tune2fs. Ext3 has only medium performance,however, the reason to use Ext3 is because of compatibility. It also have extensive tools for rescue and debugging. Itis save to use Ext3 to trade performance with protection.

12.3.2. JFSJFS is called journaling file system and is developed by IBM, it has journaling feature and reasonable performance. Itis a file system comes from a mature operating system IBM AIX . Currently, JFS is not in the standard Linux kernel,you may find difficulties in getting help or rescue JFS in Linux. The Mandrake Linux distribution ships JFS in theirstock 2.4.18 Linux kernel, so if you want to use JFS, you have to use Mandrake Linux.

12.3.3. XFSXFS is developed by Sgi, it is a high performance journaling file system original from the IRIX operating system.Currently, Mandrake Linux ship XFS with its stock kernel. This file system have higher average performance thanLinux Ext3 and Ext2 with journaling feature. XFS have some special features like guarantee I/O rate and fast lookupon large directories, it also support very large file size and is on-disk compatible to IRIX version XFS. It also supporta block size of 64K which benefit on large file systems.

12.3.4. ReiserfsA pure Linux based high performance journaling file system. At the date of publication, reiserfs is in version 4 . Ourexperience shows reiserfs version 4 has the highest performance out of the above file systems, it is useful on storinglots of files in a directory without experience delayed file lookups. The problem of reiserfs is its block allocation makeit easy to corrupt on unclean shutdown . If you really concern about reliability (such as storing data files or user homedirectories), please use other file systems. But I still recommend using reiserfs on/usr and other non frequentlychanged file systems which they have less likely to be unsynced.

12.3.5. Logical Volume Manager (LVM)LVM is an enterprise level volume management driver. It is useful on dynamically resize partitions without have tobackup or alter partition information. To use LVM, you must create the LVM volume group and logical volume at

35


setup time. It is suggested to use LVM on home directory servers where storage capacity has a high demand. LVMitself is not a file system, in fact it is a multi-disk block device driver. Other than scalability of capacity, it also providessnapshot features of file systems which is useful in making incremental backup of system. LVM can also strip yourdata into multiple disks where performance can be increased over data stripping. See more details on LVM How-to(http://www.tldp.org/HOWTO/LVM-HOWTO.html).

12.4. Controlling User Access to applicationsYou may want to restrict some applications only accessible by some specified users. The trick to do this is to makeuse the Unix file system security. You should create a user group and add those users to that special group. Then youshould chnage the permissions and group ownership of the files which belongs to that application to only accessibleto that group. Typical file mode for binary files are 0750 (-rwxr-x---) to make sure "others" don’t get read access.

The following example illustrate how to control only a group of people to use Win4Lin. Assume Win4Lin is alreadysetup in your Aptus server. First of all, create a user group called "winusers" . Then add the desired users to the group"winusers" . Login as root at the server and do the following.

chgrp -R winusers /opt/win4linchgrp -R winusers /var/win4linchmod -R o-rx winusers /opt/win4linchmod -R o-rx winusers /var/win4lin

This will make sure that only users belongs to the group "winusers" get access to the Win4Lin files.

36

Chapter 13. Troubleshooting

13.1. General InstructionsYou should always check your syslog messages in/var/log/messages whenever an error occur. Wipingyour syslog will never able to solve your problem. Please read the FAQ before you send your question [email protected] , since most of the common beginner questions are here.

13.2. Frequently Asked Questions

13.2.1. Using K6, Pentium and other old i386 compatible clients willhang at init!If your server is running an i686 architecture, you will have to use packages that is compatible with your clientsso that they can share the files with the server. One most common package that is optimized is the glibc package.You will have to reinstall the glibc package that is compatible with your clients (i.e. the glibc-XXXX.i386.rpm). Bydefault, RedHat Linux will install an optimized version of glibc on your server machine, please get the i386 versionand use the command "rpm -ivh --upgrade --force glibc-XXXX.i386.rpm" to force overwrite the existing package. Itis always available in your RedHat installation CD disk 1. After doing this, you will also have to remove the directory/lib/i686 to clean up incompatible libraries. You might have to do this for other packages that you want to sharewith clients as well.

13.2.2. My ypbind at server reports "broadcast: RPC: Time out.". Itcannot start!When installing the ShaoLin Aptus, Aptus installation program will automatically change your ypbind init script/etc/rc.d/init.d/ypbind to use broadcast. Usually this happens because of an incorrect setup of/etc/hosts

file . The server cannot find itself because the IP address of your Aptus server did not have a host entry in the/etc/hosts file. Correct it and you will fix your problem.

13.2.3. Client cannot load kernel image at startup, reports"permission denied"You should check your/etc/exports file to see if there an entry for/tftpboot/kernel . If you are runningnetgroups, please check the files/etc/netgroup and /etc/hosts with the correct host information entry. Aftercorrection, runmake -C /var/yp (For RedHat Linux, other Linux may different). You may also want to runexportfs-r if you make changes to/etc/exports .

37


13.2.4. The hardware detection program ask for the "XFree86-4 RPM"You should hit cancel here, since some distribution doesn’t allow the root (superuser) to query the RPM database atAptus clients, resulting it cannot find the RPM package. You can simply hit "Cancel". The system should work fine.

13.2.5. More experience with NFS problemsSome people will have experience with NFS problems, this is mainly due to invalid entries in the /etc/hosts file ofin /etc/netgroup file. After you fix the host or netgroup entries (remember to update the NIS database "make -C/var/yp"), try to reload the NFS with the command "exportfs -r", if not success, you will have to stop the nfs completelyby /etc/rc.d/init.d/nfs stop (for RedHat users),rmmod nfsd (remove the nfsd module from memory) and then startthe nfs server again by "/etc/rc.d/init.d/nfs start" . If this still doesn’t help, you will have to stop nfs again and unloadthe nfsd module, but this time clean all up the temporary files in the /var/lib/nfs directory, never do this while you haveAptus client online, otherwise they will hang and need to reboot to reconnect to the Aptus server.

13.2.6. When my client connect to the Aptus server it says"connection refuse"Most of the daemons make use oftcpd , tcpd make use of the file /etc/hosts.allow and /etc/hosts.deny . This includeNFS, sendmail, ypserv, xinetd and many other programs. You may have settings that does not allow you client connectto the server. See the manual page of hosts.allow(5) and hosts.deny(5) for more information.

13.2.7. My client stops at "Loading kernel ...."Its likely you have firewall at the server. By default, some distributions have ipchains started (e.g. RedHat 7.2). Type"service ipchains stop" at the server to stop ipchains, type "chkconfig --level 2345 ipchains off" to turn it off by default.If you want to still use firewall, you have to let DHCP, and all RPC stuff to get through this includes portmap, NFS,and NIS. RPC has dynamic port numbers, it is recommend you unblock the firewall of the network adapter that isconnected to the clients.

13.2.8. My client can bootup, but only up to starting ntpd and ithangsThis is likely a problem of "clock skew", if your time rolls back before the date of the ntp configuration files, thiswill happen. On Redhat systems, the packaged ntpd may experience problem in reading the /etc/ntp/step-tickers file ifthere are no end of line character. Please check your ntp server’s time and configuration file.

13.2.9. My client cannot synchronize time with server, I am usingRedhat 8.0 and the ntp service just start failedSome ntpd at the server requires running for a while (typically 15 minutes) after startup in order to be able to listen toany clients. You just have to wait until your server’s ntpd will is ready for synchronization. Then your client will able

38


to connect to it later. You may also point to another ntpd other than the Aptus server which is already functioning. Youmay do this during creation of the Aptus Group.

13.2.10. I cannot logon to the client desktops using user accounts,only root can. I can use that user account to logon at the server, whynot client?It is likely you didn’t updated the NIS database after you added a user account at the server. By default, Aptusclient uses NIS (see Linux NIS project (http://www.linux-nis.org) for more information) for user authentication. Theconvinient way to solve this is to use the "User/Groups" under the "System" menu for user account managementwhich has already configured to update the NIS database after changes. The other way is to update the NIS databasemanually after created new user accounts by usingmake -C /var/yp and then/etc/init.d/ypserv restart. If you areusing other authentication systems such as LDAP or other, please check your settings.

39

Appendix A. Technical Reference

A.1. Run-time configurationsRun-time configurations control Aptus client behavior, the group run-time configuration file is located inthe groupfs /var/opt/aptus/mygroup/groupfs/etc/var/opt/aptusgroup.conf . It is used duringAptus client startup initialization. The host specific run-time configuration file is located in the hostfs at/var/opt/aptus/mygroup/hosts/myhostname/etc/var/opt/aptushost.conf . The init process will readthe aptusgroup.conf first, then it will read theaptushost.conf . The configuration inaptushost.conf willoverride settings in the group, if you not specify any settings in the file, it will default follow the group settings.

DEFAULT_SWAPSIZE=[num]

The swap file size in megabytes. The default value is 128, you may change this option to suit your need. Thesetting will take effect on next reboot. Note, this has no effect on local swap partition and only apply to localswap file or NFS swap file.

SWAPSERVER=[hostname or IP address]

The NFS swap server’s IP address. If unspecified, the Aptus server is used.

NETSWAP=[path]

The NFS export path of the swap server. The default value is/var/netswap .

LOCAL_SWAP=[device]

The local swap partition or the local device to be used by the local swap file. The default value isauto meansautodetect, you can specify a partition to use. If the target partition is a Linux swap partition, it is automaticallyused as a swap partition, otherwise it will attempt to mount the file system at/mnt/local . Currently, supportmost of the Linux file systems except NTFS. SeeLOCAL_SWAP_MOUNT_OPTIONfor mount time options for localswap device.

LOCAL_SWAP_FNAME=[filename]

If the LOCAL_SWAPis not a swap partition type, a local swap file is used instead. This sets the local swap filename, .

LOCAL_SWAP_MOUNT_OPTION=[options]

The mount options for the local disk for swap, some file systems like fat requires special mount options likesetting the default umask of file, uid, and gid. You may specify mount options here.

Note, specifyingOPTION=in aptushost.conf will cause the system to use its default value, sinceOPTION=meansanempty string.

40


A.2. Union File System ReferenceUnionfs is suitable to use with NFS daemon nfsd. It uses a fake block device/dev/unionfs[0-255] with majornumber 231 and minor number from 0-255 . Unionfs have the following behavior,

Example A-1. Example Unionfs Mount

mount -t unionfs -o master=/master,slave=/slave /dev/unionfs1 /unionfs

/master/a/master/b/master/c

+/slave/a/slave/d/slave/e

Unionfs -> /unionfs/a/unionfs/b/unionfs/c/unionfs/d/unionfs/e

This is also known as union mount. In this example, there are ’a’ in both /master and /slave. In this case, unionfswill take a from /master. If there are subdirectories with the same name in both master and slave, the contents of thesubdirectories will be merged together as well.

A.2.1. Mount time options

master=[dir]

The master file system dir.

slave=[dir]

The slave file system dir.

Notes: Both master and slave must be on the same partition ( from the same block device ), otherwise, unionfs mountwill fail.

A.2.2. The .unionfs fileThe.unionfs control a run-time per directory behavior of Unionfs. The.unionfs file must reside in the master tree,and it will be read into memory in directory lookups, it will not refresh itself unless the directory cache is dropped. It

41


contains the following sections and have the following meaning,

[Options]

The [Options] section is for controlling options of this directory, you can specifyno_slave option to makethis directory not merge with slave sub directory. Example,

Example A-2. .unionfs options

[Options]no_slave

Currently we only support one option.

[Exclude]

You can specify a list of file name entries to be excluded from merging with its slave subdirectories. Each of theentry is separated by end of line character.

Example A-3. .unionfs exclude

[Exclude]name1name2name3

When theno_slave is on, the[Exclude] section has no meaning.

A.3. Union Network File System ReferenceUnionnfs have the same union behavior like Unionfs, it does not require a fake block device to mount. You can simplegivenone as the block device. It also has the.unionfs file control of directories. But Unionnfs is designed to mergetwo NFS directories with special control.

A.3.1. Mount time options

master=[dir]

The master file system dir.

slave=[dir]

The slave file system dir.

42


cow=[yes|no]

This is called the Copy-on-write flag. When enabled, modifying files on slave directory will make a copy ofthe file to master directory and the changes will be made to master directory. The file in slave is ’protected’ byCopy-on-write feature. This is enabled by default for Unionnfs mount and disabled by default for unionfs mount.

nocheckdev

This option is used by Unionnfs mount on two NFS mounted directories. When nocheckdev is specified, Unionnfswill not perform cross device checking. However, you must make sure that the two NFS mounted directories mustcome from the same partition from the same server.

Example A-4. Example Unionnfs Mount

mount -t unionnfs -o master=/import/master,slave=/import/slave,cow=yes,nocheckdev none /unionnfs

/import/master/a/import/master/b/import/master/c

+/import/slave/a/import/slave/d/import/slave/e

Unionfs -> /unionnfs/a/unionnfs/b/unionnfs/c/unionnfs/d/unionnfs/e

Demonstration of copy-on-write .

Example A-5. Unionnfs copy-on-write

$ cat /unionnfs/eHello World!$ echo abc >> /unionnfs/e$ cat /unionnfs/eHello World!abc$ cat /import/slave/eHello World!$ cat /import/master/eHello World!abc$

Changing the file in slave will result copy to master, leave the slave file untouched.

43


A.4. Group fstabThe Group fstab in groupfs/var/opt/aptus/mygroup/groupfs/etc/fstab.group , is a group shared networkfile system tab which allow you to specify network based file system mounts at startup. This file has special syntaxsuch that you don’t have to specify the IP address or host name of the Aptus server, the client will locate it for youusing a different mechanism.

Example A-6. Group fstab

APTUSSERVER /home /home nfs defaults 0 0APTUSSERVER /usr /usr nfs ro 0 0OTHER mymailserver:/var/spool/mail /var/spool/mail nfs defaults 0 0

The first column is the source type, second is the source, third is the mount point, forth is the file systemtype, fifth is the mount options, sixth and seventh are not used. In this example, a NFS mount is mount tomymailserver:/var/spool/mail at /var/spool/mail . This will cause the whole group of Aptus host tomount this file system at startup. You may also specify other file system types other than NFS.

44

GlossaryAptus Configurator

It is a module for Webmin, it is for web-based GUI management of Aptus server.

DHCP (Dynamic Host Configuration Protocol)

A service that is used in local area network for automatic IP address configuration. Centralized IP address man-agement by only having IP address and network configuration information at the DHCP server only.

Etherboot

An open source project for TCP boot support. See Etherboot website (http://etherboot.sourceforge.net).

FHS (Fliest Hierarchy Standard)

The FHS holds the meaning and usage of each file system under Unix/Linux. Software application and servicesshould always compliant to FHS on a Unix/Linux system. See www.pathname.com (http://www.pathname.com).

Group

All group of hosts that shares the same root file system. The root file system exists in/var/opt/aptus/<groupname>/rootfs , which is a union mount using Unionfs with the Aptus server’sroot (/ ) and the groupfs. SeeRootfs templateandgroupfs.

Group name

By default the group name is the directory name holding all the root file system and hosts file systems under"/var/opt/aptus". Example, for a group name "mygroup" will exists in /var/opt/aptus/mygroup . Aptus will alsouse this name to create annetgroupfor security control.

groupfs

The files exists in "/var/opt/aptus/<groupname>/groupfs/" are the files that is the group specific rootfs template.This groupfs is being copied from the rootfs template by Aptus Configurator. It has being modified to have groupspecific information . SeeRootfs templatefor more details .

45

Glossary

group shared unionfs root

The group shared Unionfs root is aUnionFSmounted file system, merging group groupfs and/ (the server’s rootfile system) having the groupfs as the master (at the top). It is the shared root for Aptus clients and is mounted at/var/opt/aptus/<groupname>/rootfs . SeegroupfsandRootfs template.

hostfs

The host file system, it is the file system that contains host specific files, the files exists in hostfswill only usable by the corresponding host. A copy of hostfs exist for each host in the group in/var/opt/aptus/<groupname>/hosts/<hostname>/ .

Intelligent Union Architecture (IUA)

The Intelligent Union Architecture.

LDAP (Light Directory Access Protocol)

The LDAP is a widely used protocol to manage network database information. Such user accounts and passwords,address books and other system information. Linux has a free open source implementation of LDAP calledOpenLDAP. LDAP is also useful to synchronize user account information in a cross platform environment.

Master tree(master file system)

The top level of a unioned file system, when duplicated files exists (same name and same path) in theSlavetree(slave file system), only the file in master tree will be seen and used. This also applies to delete and rename.

NFS (Network File system)

NFS is a file system that allow you to export your file system (server) and mount it over the network at the client.Aptus uses NFSv3 to serve file systems over the network.

NIS (Network Information Service)

It is a service known as "Yellow Pages" (yp) for network. It holds security and network information and act asa directory services for hosts in the network, such that to maintain a centralized network information databasesimilar to LDAP but is a Unix native implementation by Sun Microsystems.

netgroup

By default, netgroup is a representation of a number of hosts in the network. It is stored in the configurationfile /etc/netgroup . Most of the system services can make use of netgroup to specify a group of computersincluding NFS. See netgroup(5) manual pages for more information.

46

Glossary

Network Time Protocol (NTP)

The NTP is a standard protocol for time synchronization across the network. Linux comes with a free NTPprogram called ntpd, it can both act as a NTP server and NTP client. It can synchronize clock with other sourceand serve its time to other clients simultaneously.

Rootfs template

The root file system template is a template for a specific Linux distribution or customized setup to protect thefiles in the server’s root file system being exported. It also contains Aptus client init and boot up instructions.

RPM

RedHat Package Manager. RPM is a packaging system that handles package installation, package dependency,package removals and all package related issues. It is widely use in Linux systems and even support for variousUnix OS . See RPM official website (http://www.rpm.org).

Slave tree(slave file system)

The lower level of a unioned file system, when duplicated files exists (same name and same path) in theMastertree(master file system), the file in the slave tree will be covered by the file from master tree, it will be unusable.

Stackable file systems

Stackable File Systems is not one file system, it is a term to describe some kind of file system. Stackable filesystems does not manage disk blocks themselves, it stacks on top of existing mounted file systems and producea new file systems. The stackable file system acts like a middle filter.

UnionFS

UnionFS allow merging 2 block device based file systems to form a single file system tree, the result tree withhave 1 on top of another but with merged directories and also sub directories. For duplicated files, only the filefrom theMaster tree(master file system)will be seen. The resulting unioned file system is also suitable to exportby NFS server.

UnionNFS

UnionNFS allow merging 2 network/non-network based file system, the resulting file system is not a block devicefile system and is not suitable to export with NFS server. This file system is used by Aptus client to find mergeits hostfswith thegroup shared unionfs root.

47

Glossary

VFS (Virtual File System)

The VFS is a virtual file system. In Unix and Linux file system, all mounted file systems exists in one big treeinstead of having drive letters. Users need not know to how partition and file systems are mounted. They justaccess the vfs namespace starts from root/ , file system are mounted on directories joining together are form asingle large tree file system called the VFS.

48

Documents

ShaoLin Aptus 2.0 Installation and Operations Guide · PDF file3/10/2015 · ShaoLin Aptus End-User License Agreement identiﬁed as "School Edition", you must be a "Qualiﬁed Educational